Monday, June 6, 2016

How do you get access to a store's credit card terminals?

CiCi’s Pizza, an American fast food business based in Coppell, Texas with more than 500 stores in 35 states, appears to be the latest restaurant chain to struggle with a credit card breach. The data available so far suggests that hackers obtained access to card data at affected restaurants by posing as technical support specialists for the company’s point-of-sale provider, and that multiple other retailers have been targeted by this same cybercrime gang.

There's a long history of this sort of thing. Both MIT and Cal Tech have traditions of students doing pranks. Often these are elaborate, and done in broad daylight (I recall one where a statue was loaded onto a flat bed trailer and driven away). Key to this was having the Guy With The Clipboard - anyone who came by to ask what they were doing was asked to sign for the "pickup".

Here we see the Bad Guys waltzing into a restaurant acting like they're Tech Support. This is a surprisingly hard problem to address.

I worked hired gun tech for about ten years. I showed up at financial institutions, schools, healthcare locations, government offices, etc every single day. Every time I went somewhere the first time, I was walking in cold often having to go through several levels of personnel to finally get to someone who actually knew that I should be there.

Health Care Security has improved (somewhat). In my current gig, you can't get past the front lobby without a swipe Badge that is verified each pass, The elevators and the doors to each area on any floor also require a badge. ( But "helpful" fellow employees will still hold the door for people they don't actually recognize )

....... and it was a Cannon --

It's not an easy thing to steal a two-ton, 111-year-old cannon and ship it 3,000 miles across the country without anyone noticing. But in 2006, MIT hackers calling themselves the Howe & Ser Moving Company did just that.

They showed up at Fleming House, a Caltech residence, with a phony work order on March 28, 2006. The work order duped security guards and they carted the cannon off, "barrel, carriage, and tongue," the Los Angeles Times later reported.

Days later, the cannon reappeared in front of MIT's Green Building, no worse for wear, but now adorned with a giant MIT class ring.

The funny thing about this particular hack is that it all happened before. Twenty years earlier, pranksters at Harvey Mudd College had pulled the same we're-movers-with-phony-paperwork stunt to cart off the cannon.

"It's not just like stealing a goat," Harvey Mudd cannon-swiper David Somers told NPR back in 2006. "This is an antique more than 100 years old. It weighs two tons. It's an engineering project unto itself just to move this thing without breaking it."

Notice of Cookies

Cookies in use. If you're in the EU, consider this a warning. The is a Blogspot site, so Google runs the backend. I don't know what they are doing with the cookies and they're not saying. If you are concerned that Google is tracking you, you should never visit a Google Blogspot site, use Gmail, or use Google as a search engine.

If you are concerned about being tracked on the internet, you should log off, shut down your PC, move to a cabin in the woods, grow your own food, never visit a bank, use a cell phone, or drive a car made after 1999. Don't go outside and look up at the sky, either.

If you are visiting this site from a EU country, you should get an annoying popup at the top of the screen. If you want to see it, here it is in English: http://www.borepatch.blogspot.co.uk/